dot013/spacestation
1
0
Fork 0
Code Issues Pull Requests Activity

feat(capytal,gitea)!: migrate from https://forge.capytal.company to https://code.capytal.cc

Browse Source 
A new forge is now used, it is pretty much equal to before, but now we
are using (a fork of) Gitea instead of Forgejo. Gitea was choosen
because provides more features that we need compared to Forgejo and it
has a more modern codebase to fork and customize. The fork can be found
at https://code.capytal.cc/loreddev/gitea, it mostly provides a new
default theme and custom UI changes.
This commit is contained in:
Guz
2025-10-11 09:21:21 -03:00
parent 8df6647f9e
commit 470d719f80
6 changed files with 375 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

352
capytal/forge.nix
View File

@@ -1,118 +1,350 @@
{ {
config, config,
inputs,
lib, lib,
self,
pkgs, pkgs,
... ...
}: let }: let
cfg = config.services.forgejo; cfg = config.services.forgejo;
gitea = config.services.gitea;
in { in {
services.forgejo = { imports = [
self.nixosModules.gitea
];
services.gitea = {
enable = true; enable = true;
package = pkgs.forgejo; package = inputs.loreddev-gitea.packages.${pkgs.system}.default;
settings = let lfs.enable = true;
initList = l: (lib.strings.concatStringsSep "," l); settings = with lib; let
in { initList = l: (concatStringsSep "," l);
in rec {
DEFAULT = { DEFAULT = {
APP_NAME = "Capytal Code"; APP_NAME = "Capytal Code";
}; };
actions = {
ENABLED = true;
DEFAULT_ACTIONS_URL = "https://data.forgejo.org";
};
admin = {
DISABLE_REGULAR_ORG_CREATION = true;
USER_DISABLED_FEATURES = "deletion manage_ssh_keys manage_gpg_keys";
EXTERNAL_USER_DISABLED_FEATURES = "deletion manage_ssh_keys manage_gpg_keys";
};
database = {
HOST = "127.0.0.1:${toString config.services.postgresql.settings.port}";
NAME = "forgejo";
USER = "forgejo";
SSL_MODE = "disable";
};
repository = { repository = {
DEFAULT_REPO_UNITS = initList [ DEFAULT_REPO_UNITS = initList [
"repo.code" "repo.code"
"repo.issues" "repo.issues"
"repo.pulls" "repo.pulls"
]; ];
DEFAULT_TEMPLATE_REPO_UNITS = repository.DEFAULT_REPO_UNITS;
};
"repository.pull-request" = {
CLOSE_KEYWORDS = initList [
# en-US
"close"
"closes"
"closed"
"fix"
"fixes"
"fixed"
"resolve"
"resolves"
"resolved"
# pt-BR
"corrige"
"completa"
"fecha"
"implementa"
"resolve"
"termina"
];
};
"repository.signing" = {
DEFAULT_TRUST_MODEL = "committer";
};
"ui.meta" = {
AUTHOR = "Capytal";
DESCRIPTION = replaceString "\n" " " ''
Software forge dedicated for hosting official projects from Capytal and it's members.
Explore and discover the source-code of our commercial user-facing products, internal
developer-focused libraries, and infraestructure setups.
'';
KEYWORDS = initList [
"capytal"
"capytal code"
"capytal-code"
"git"
"gitea"
"projects"
"development"
"open source"
"open-source"
];
};
server = {
DOMAIN = "code.capytal.cc";
ROOT_URL = "https://${server.DOMAIN}";
PUBLIC_URL_DETECTION = "auto";
HTTP_PORT = 9964;
};
database = {
DB_TYPE = "sqlite3";
NAME = "gitea";
USER = "gitea";
SQLITE_JOURNAL_MODE = "WAL";
}; };
security = { security = {
REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128"; INSTALL_LOCK = true;
}; COOKIE_REMEMBER_NAME = "__Host-capytal_code_forge_incredible";
server = rec { PASSWORD_COMPLEXITY = initList ["lower" "upper" "digit" "spec"];
HTTP_PORT = 9960; PASSWORD_CHECK_PWN = true;
DOMAIN = "forge.capytal.company";
ROOT_URL = "https://${DOMAIN}";
}; };
service = { service = {
REGISTER_MANUAL_CONFIRM = true;
REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128";
DISABLE_REGISTRATION = true; DISABLE_REGISTRATION = true;
DEFAULT_KEEP_EMAIL_PRIVATE = true;
DEFAULT_ALLOW_CREATE_ORGANIZATION = false;
DEFAULT_USER_IS_RESTRICTED = true;
SHOW_REGISTRATION_BUTTON = false;
ALLOW_ONLY_INTERNAL_REGISTRATION = true;
VALID_SITE_URL_SCHEMES = initList ["https"];
}; };
qos = {
# For endpoints not protected by Anubis and protect from overload in general.
ENABLED = true;
};
cache = {
ADAPTER = "twoqueue";
HOST = builtins.toJSON {
size = 1000;
recent_ratio = 0.25;
ghost_ratio = 0.5;
};
};
session = {
COOKIE_SECURE = true;
COOKIE_NAME = "__Host-i_like_capytal_code_forge";
SAME_SITE = "strict";
};
picture = {
DISABLE_GRAVATAR = true; # Deprecated
ENABLE_FEDERATED_AVATAR = false; # Deprecated
};
"cron.delete_repo_archives" = {
ENABLED = true;
};
"cron.git_gc_repos" = {
ENABLED = true;
};
oauth2 = {
ENABLED = true;
};
federation = {
ENABLED = true;
};
lfs = {};
storage = { storage = {
STORAGE_TYPE = "minio"; STORAGE_TYPE = "minio";
MINIO_USE_SSL = false; MINIO_USE_SSL = false;
MINIO_ENDPOINT = "127.0.0.1:3461"; MINIO_ENDPOINT = "localhost:3461";
MINIO_BUCKET = "forgejo"; MINIO_BUCKET = "gitea";
MINIO_LOCATION = config.services.garage.settings.s3_api.s3_region; MINIO_LOCATION = config.services.garage.settings.s3_api.s3_region;
}; };
ui = { "storage.repo-archive" = {};
# DEFAULT_THEME = "capytal-dark"; "repo-archive" = {};
actions = {
ENABLE = false; # Temporarily
DEFAULT_ACTIONS_URL = "self";
}; };
}; };
secrets = { secrets = {
server = {
LFS_JWT_SECRET = config.sops.secrets."gitea/server/lfs_jwt_secret".path;
};
security = {
SECRET_KEY = config.sops.secrets."gitea/security/secret_key".path;
INTERNAL_TOKEN = config.sops.secrets."gitea/security/internal_token".path;
};
oauth2 = {
JWT_SECRET = config.sops.secrets."gitea/oauth2/jwt_secret".path;
};
storage = { storage = {
MINIO_ACCESS_KEY_ID = "${config.sops.secrets."forgejo/s3/key".path}"; MINIO_ACCESS_KEY_ID = config.sops.secrets."gitea/storage/access_key_id".path;
MINIO_SECRET_ACCESS_KEY = "${config.sops.secrets."forgejo/s3/secret".path}"; MINIO_SECRET_ACCESS_KEY = config.sops.secrets."gitea/storage/secret_access_key".path;
}; };
}; };
}; };
services.gitea-actions-runner = { services.gitea-actions-runner = {
package = pkgs.forgejo-actions-runner;
instances = { instances = {
"forgejo-runner-1" = { "gitea-runner-1" = {
enable = true; enable = true;
name = "Forgejo Runner (${config.networking.hostName}) 1"; name = "Gitea Runner (${config.networking.hostName}) 1";
url = config.services.forgejo.settings.server.ROOT_URL; url = gitea.settings.server.ROOT_URL;
tokenFile = config.sops.secrets."forgejo/actions/token".path; tokenFile = config.sops.secrets."gitea/actions/token".path;
labels = [ labels = [
"alpine-3.22:docker://data.forgejo.org/oci/alpine:3.22" "alpine-3.22:docker://data.forgejo.org/oci/alpine:3.22"
"golang-1.24:docker://data.forgejo.org/oci/golang:1.24-alpine3.22" "golang-1.24:docker://data.forgejo.org/oci/golang:1.24-alpine3.22"
"node-24:docker://node:24-bullseye" "ubuntu-22.04:docker://docker.gitea.com/runner-images:ubuntu-22.04"
]; ];
}; };
}; };
}; };
users.users."${cfg.user}".packages = [ # systemd.services.gitea-custom = let
(pkgs.symlinkJoin { # gitea = config.services.gitea;
paths = [pkgs.forgejo]; # rsync = lib.getExe pkgs.rsync;
buildInputs = [pkgs.makeWrapper]; # in {
postFixup = '' # before = [
wrapProgram $out/bin/gitea \ # "gitea-secrets.service"
--add-flags --config '${cfg.customDir}/conf/app.ini' # "gitea.service"
''; # ];
inherit (pkgs.forgejo) name pname meta; # script = ''
}) # ${rsync} -av "${./assets}" "${gitea.customDir}/public/assets"
]; # '';
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# User = gitea.user;
# Group = gitea.group;
# ReadWritePaths = [gitea.customDir];
# UMask = "0077";
# };
# };
services.anubis.instances."forgejo" = { services.anubis.instances."gitea" = {
settings = { settings = {
BIND = ":${toString (cfg.settings.server.HTTP_PORT + 2)}"; BIND = ":${toString (gitea.settings.server.HTTP_PORT + 2)}";
BIND_NETWORK = "tcp"; BIND_NETWORK = "tcp";
METRICS_BIND = ":${toString (cfg.settings.server.HTTP_PORT + 3)}"; METRICS_BIND = ":${toString (gitea.settings.server.HTTP_PORT + 3)}";
METRICS_BIND_NETWORK = "tcp"; METRICS_BIND_NETWORK = "tcp";
SERVE_ROBOTS_TXT = true; SERVE_ROBOTS_TXT = true;
TARGET = "http://localhost:${toString cfg.settings.server.HTTP_PORT}"; TARGET = "http://localhost:${toString gitea.settings.server.HTTP_PORT}";
ED25519_PRIVATE_KEY_HEX_FILE = config.sops.secrets."anubis/forgejo/hex_file".path; ED25519_PRIVATE_KEY_HEX_FILE = config.sops.secrets."anubis/gitea/hex_file".path;
}; };
}; };
services.caddy.virtualHosts.":${toString (cfg.settings.server.HTTP_PORT + 1)}" = { services.caddy.virtualHosts = let
extraConfig = '' redir = {
reverse_proxy http://localhost${config.services.anubis.instances."forgejo".settings.BIND} { extraConfig = ''
header_up X-Real-Ip {remote_host} redir https://code.capytal.cc{uri} permanent
} '';
''; };
in {
":${toString (gitea.settings.server.HTTP_PORT + 1)}" = {
extraConfig = ''
reverse_proxy http://localhost${config.services.anubis.instances."gitea".settings.BIND} {
header_up X-Http-Version {http.request.proto}
header_up X-Real-Ip {remote_host}
}
'';
};
# Old ports used by legacy https://forge.capytal.company
":9961" = redir;
":9962" = redir;
}; };
# services.forgejo = {
# enable = true;
# package = pkgs.forgejo;
# settings = let
# initList = l: (lib.strings.concatStringsSep "," l);
# in {
# DEFAULT = {
# APP_NAME = "Capytal Code";
# };
# actions = {
# ENABLED = true;
# DEFAULT_ACTIONS_URL = "https://data.forgejo.org";
# };
# admin = {
# DISABLE_REGULAR_ORG_CREATION = true;
# USER_DISABLED_FEATURES = "deletion manage_ssh_keys manage_gpg_keys";
# EXTERNAL_USER_DISABLED_FEATURES = "deletion manage_ssh_keys manage_gpg_keys";
# };
# database = {
# HOST = "127.0.0.1:${toString config.services.postgresql.settings.port}";
# NAME = "forgejo";
# USER = "forgejo";
# SSL_MODE = "disable";
# };
# repository = {
# DEFAULT_REPO_UNITS = initList [
# "repo.code"
# "repo.issues"
# "repo.pulls"
# ];
# };
# security = {
# REVERSE_PROXY_TRUSTED_PROXIES = "127.0.0.0/8,::1/128";
# };
# server = rec {
# HTTP_PORT = 9960;
# DOMAIN = "forge.capytal.company";
# ROOT_URL = "https://${DOMAIN}";
# };
# service = {
# DISABLE_REGISTRATION = true;
# };
# storage = {
# STORAGE_TYPE = "minio";
# MINIO_USE_SSL = false;
# MINIO_ENDPOINT = "127.0.0.1:3461";
# MINIO_BUCKET = "forgejo";
# MINIO_LOCATION = config.services.garage.settings.s3_api.s3_region;
# };
# ui = {
# # DEFAULT_THEME = "capytal-dark";
# };
# };
# secrets = {
# storage = {
# MINIO_ACCESS_KEY_ID = "${config.sops.secrets."forgejo/s3/key".path}";
# MINIO_SECRET_ACCESS_KEY = "${config.sops.secrets."forgejo/s3/secret".path}";
# };
# };
# };
# services.gitea-actions-runner = {
# package = pkgs.forgejo-actions-runner;
# instances = {
# "forgejo-runner-1" = {
# enable = true;
# name = "Forgejo Runner (${config.networking.hostName}) 1";
# url = config.services.forgejo.settings.server.ROOT_URL;
# tokenFile = config.sops.secrets."forgejo/actions/token".path;
# labels = [
# "alpine-3.22:docker://data.forgejo.org/oci/alpine:3.22"
# "golang-1.24:docker://data.forgejo.org/oci/golang:1.24-alpine3.22"
# "node-24:docker://node:24-bullseye"
# ];
# };
# };
# };
#
# users.users."${cfg.user}".packages = [
# (pkgs.symlinkJoin {
# paths = [pkgs.forgejo];
# buildInputs = [pkgs.makeWrapper];
# postFixup = ''
# wrapProgram $out/bin/gitea \
# --add-flags --config '${cfg.customDir}/conf/app.ini'
# '';
# inherit (pkgs.forgejo) name pname meta;
# })
# ];
#
# services.anubis.instances."forgejo" = {
# settings = {
# BIND = ":${toString (cfg.settings.server.HTTP_PORT + 2)}";
# BIND_NETWORK = "tcp";
# METRICS_BIND = ":${toString (cfg.settings.server.HTTP_PORT + 3)}";
# METRICS_BIND_NETWORK = "tcp";
# SERVE_ROBOTS_TXT = true;
# TARGET = "http://localhost:${toString cfg.settings.server.HTTP_PORT}";
# ED25519_PRIVATE_KEY_HEX_FILE = config.sops.secrets."anubis/forgejo/hex_file".path;
# };
# };
# services.caddy.virtualHosts.":${toString (cfg.settings.server.HTTP_PORT + 1)}" = {
# extraConfig = ''
# reverse_proxy http://localhost${config.services.anubis.instances."forgejo".settings.BIND} {
# header_up X-Real-Ip {remote_host}
# }
# '';
# };
} }

53
flake.lock generated
View File

@@ -145,11 +145,11 @@
"rev": "305579e103f4ca3e4f891f6e919eac5dab5a0057", "rev": "305579e103f4ca3e4f891f6e919eac5dab5a0057",
"revCount": 122, "revCount": 122,
"type": "git", "type": "git",
"url": "https://forge.capytal.company/capytal/capytal.cc" "url": "https://code.capytal.cc/capytal/capytal.cc"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://forge.capytal.company/capytal/capytal.cc" "url": "https://code.capytal.cc/capytal/capytal.cc"
} }
}, },
"crane": { "crane": {
@@ -931,11 +931,29 @@
"rev": "bb9a6c5b18f7124c99a144a7ec18b2d5be75decf", "rev": "bb9a6c5b18f7124c99a144a7ec18b2d5be75decf",
"revCount": 57, "revCount": 57,
"type": "git", "type": "git",
"url": "https://forge.capytal.company/guz013/keikos.work" "url": "https://code.capytal.cc/guz013/keikos.work"
}, },
"original": { "original": {
"type": "git", "type": "git",
"url": "https://forge.capytal.company/guz013/keikos.work" "url": "https://code.capytal.cc/guz013/keikos.work"
}
},
"loreddev-gitea": {
"inputs": {
"nixpkgs": "nixpkgs_9"
},
"locked": {
"lastModified": 1760046992,
"narHash": "sha256-gxn4TqMjccch1ULBNlau9t0HANrElrahaRw0r39oROw=",
"ref": "refs/heads/main",
"rev": "d9021491c727caceb47ec2f5a057e9d197ce6f1d",
"revCount": 19905,
"type": "git",
"url": "https://code.capytal.cc/loreddev/gitea"
},
"original": {
"type": "git",
"url": "https://code.capytal.cc/loreddev/gitea"
} }
}, },
"mdfmt": { "mdfmt": {
@@ -1089,6 +1107,22 @@
"type": "github" "type": "github"
} }
}, },
"nixpkgs_10": {
"locked": {
"lastModified": 1757810152,
"narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "9a094440e02a699be5c57453a092a8baf569bdad",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-25.05",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1753489912, "lastModified": 1753489912,
@@ -1203,16 +1237,16 @@
}, },
"nixpkgs_9": { "nixpkgs_9": {
"locked": { "locked": {
"lastModified": 1757810152, "lastModified": 1758690382,
"narHash": "sha256-Vp9K5ol6h0J90jG7Rm4RWZsCB3x7v5VPx588TQ1dkfs=", "narHash": "sha256-NY3kSorgqE5LMm1LqNwGne3ZLMF2/ILgLpFr1fS4X3o=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9a094440e02a699be5c57453a092a8baf569bdad", "rev": "e643668fd71b949c53f8626614b21ff71a07379d",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "nixos",
"ref": "nixos-25.05", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
@@ -1297,7 +1331,8 @@
"dot013-nix": "dot013-nix", "dot013-nix": "dot013-nix",
"home-manager": "home-manager_3", "home-manager": "home-manager_3",
"keikoswork": "keikoswork", "keikoswork": "keikoswork",
"nixpkgs": "nixpkgs_9", "loreddev-gitea": "loreddev-gitea",
"nixpkgs": "nixpkgs_10",
"nixpkgs-unstable": "nixpkgs-unstable_2", "nixpkgs-unstable": "nixpkgs-unstable_2",
"sops-nix": "sops-nix_2" "sops-nix": "sops-nix_2"
} }

8
flake.nix
View File

@@ -14,15 +14,19 @@
}; };
capytalcc = { capytalcc = {
url = "git+https://forge.capytal.company/capytal/capytal.cc"; url = "git+https://code.capytal.cc/capytal/capytal.cc";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
keikoswork = { keikoswork = {
url = "git+https://forge.capytal.company/guz013/keikos.work"; url = "git+https://code.capytal.cc/guz013/keikos.work";
# inputs.nixpkgs.follows = "nixpkgs"; # inputs.nixpkgs.follows = "nixpkgs";
}; };
loreddev-gitea = {
url = "git+https://code.capytal.cc/loreddev/gitea";
};
dot013-nix = { dot013-nix = {
url = "github:dot013/nix"; url = "github:dot013/nix";
}; };

8
modules/gitea.nix
View File

@@ -141,12 +141,12 @@ in {
services.gitea.secrets = { services.gitea.secrets = {
security = { security = {
SECRET_KEY = "${cfg.customDir}/conf/secret_key"; SECRET_KEY = mkDefault "${cfg.customDir}/conf/secret_key";
INTERNAL_TOKEN = "${cfg.customDir}/conf/internal_token"; INTERNAL_TOKEN = mkDefault "${cfg.customDir}/conf/internal_token";
}; };
oauth2 = { oauth2 = {
JWT_SECRET = "${cfg.customDir}/conf/oauth2_jwt_secret"; JWT_SECRET = mkDefault "${cfg.customDir}/conf/oauth2_jwt_secret";
}; };
database = mkIf (cfg.database.passwordFile != null) { database = mkIf (cfg.database.passwordFile != null) {
@@ -154,7 +154,7 @@ in {
}; };
server = mkIf cfg.lfs.enable { server = mkIf cfg.lfs.enable {
LFS_JWT_SECRET = "${cfg.customDir}/conf/lfs_jwt_secret"; LFS_JWT_SECRET = mkDefault "${cfg.customDir}/conf/lfs_jwt_secret";
}; };
}; };

20
secrets.nix
View File

@@ -32,18 +32,10 @@ with lib; {
# Anubis # Anubis
${config.services.anubis.defaultOptions.user} = [ ${config.services.anubis.defaultOptions.user} = [
"anubis/forgejo/hex_file" "anubis/gitea/hex_file"
"anubis/medama/hex_file" "anubis/medama/hex_file"
]; ];
# Forgejo
${config.services.forgejo.user} = [
"forgejo/actions/token"
"forgejo/git_password"
"forgejo/s3/key"
"forgejo/s3/secret"
];
# Garage # Garage
"garage" = [ "garage" = [
"garage/admin_key" "garage/admin_key"
@@ -53,6 +45,16 @@ with lib; {
"garage/rpc_secret" "garage/rpc_secret"
]; ];
# Gitea
${config.services.gitea.user} = [
"gitea/actions/token"
"gitea/oauth2/jwt_secret"
"gitea/security/internal_token"
"gitea/security/secret_key"
"gitea/server/lfs_jwt_secret"
"gitea/storage/access_key_id"
"gitea/storage/secret_access_key"
];
# keikos.work # keikos.work
${config.services.keikos.web.user} = [ ${config.services.keikos.web.user} = [

21
secrets.yaml
View File

@@ -1,12 +1,14 @@
anubis: anubis:
forgejo: forgejo:
hex_file: ENC[AES256_GCM,data:UlFkdy1MfwaQqDnxtMtg4kH/dMJVl8sk4DMfdaCczHGaPtPuP4ADxcBxqpNkzYnQPxbv5ZXqR4qz8Ur5QHWxUg==,iv:WQHkSMiJEV0IWMVvfxC/EuE/e8QabhJinRHADm7kdSg=,tag:1JRwMp94APRszgBuQ0yaQQ==,type:str] hex_file: ENC[AES256_GCM,data:UlFkdy1MfwaQqDnxtMtg4kH/dMJVl8sk4DMfdaCczHGaPtPuP4ADxcBxqpNkzYnQPxbv5ZXqR4qz8Ur5QHWxUg==,iv:WQHkSMiJEV0IWMVvfxC/EuE/e8QabhJinRHADm7kdSg=,tag:1JRwMp94APRszgBuQ0yaQQ==,type:str]
gitea:
hex_file: ENC[AES256_GCM,data:VeF2FRqZdsYe3A002QLGG8jc5s+Tfr5V4dpO/aZ4Rbh9T/O3XQznocDsmUOvjIysH9wbVwvBXGdH1U3vd0qmVg==,iv:/3VQLK+C76HoCbpZAUQaxOFsiFKDuuP2KWAV0EBasp4=,tag:brqDAaHv7r9DRLBoMMmRqw==,type:str]
medama: medama:
hex_file: ENC[AES256_GCM,data:wLRw34+uPWpR5GJuI8Q+nlX4hEx3sMn5mSl/lF5kX0Z8N99Eb6Qj4Emx2mK4dNukYNO8j9blw1/RAL94I+QCjQ==,iv:/dW5Z+S14dByXIUyOyEIxxRFl7e4lZZfBKtukV4s68M=,tag:fELbLVzwIgMJUjhNJw4kYg==,type:str] hex_file: ENC[AES256_GCM,data:wLRw34+uPWpR5GJuI8Q+nlX4hEx3sMn5mSl/lF5kX0Z8N99Eb6Qj4Emx2mK4dNukYNO8j9blw1/RAL94I+QCjQ==,iv:/dW5Z+S14dByXIUyOyEIxxRFl7e4lZZfBKtukV4s68M=,tag:fELbLVzwIgMJUjhNJw4kYg==,type:str]
cloudflared: cloudflared:
tunnel_env: ENC[AES256_GCM,data:2DYmoNJYIUAgbDzwJO4I4CSEMVoQredhDfiAWkzNTJBzNEuWc3PgYlonr+FwCnu1wU6aep5iNascpscMtN1Y8ef2m4S1p+mef872pBoElgMG1S2suLvwKdwXPafWHaQdxmEbRxMJjWhLGxmbnlExq8w88/VKm6V0TG183bPOjATU+empoGpHWKT6dNoIBOJnjdoeDjoP4fSIW1UVmYWYAePBuwsr6d4y/TjXyoBuCRG02WbCzELFMnkKY3PwamIn0PXs5ifg,iv:vfgzOn4Oo10Uk3gdm3LDo96vBZ87NuILaDjht9btAHA=,tag:Awwx3DdD0BU0H7lsjJQPug==,type:str] tunnel_env: ENC[AES256_GCM,data:2DYmoNJYIUAgbDzwJO4I4CSEMVoQredhDfiAWkzNTJBzNEuWc3PgYlonr+FwCnu1wU6aep5iNascpscMtN1Y8ef2m4S1p+mef872pBoElgMG1S2suLvwKdwXPafWHaQdxmEbRxMJjWhLGxmbnlExq8w88/VKm6V0TG183bPOjATU+empoGpHWKT6dNoIBOJnjdoeDjoP4fSIW1UVmYWYAePBuwsr6d4y/TjXyoBuCRG02WbCzELFMnkKY3PwamIn0PXs5ifg,iv:vfgzOn4Oo10Uk3gdm3LDo96vBZ87NuILaDjht9btAHA=,tag:Awwx3DdD0BU0H7lsjJQPug==,type:str]
forgejo: forgejo:
git-password: ENC[AES256_GCM,data:SDyFBCwTxnZ1E6R/8HZCBIBj4AREYfqWrgzSEQ6SA3BDGPFsHghiVmF+Jt4omdzUQSoCCblMBsAx0NQBbBJrCbEoBWtybRM7Cg==,iv:KbtjXW1F8YJeapVpEkf8AdXhojmhOQKxG8nCZv7vW4k=,tag:odrL53KeKLVD5AoQB14veA==,type:str] git_password: ENC[AES256_GCM,data:PLgQBO7ZwApkhWPFDFhTjGxVqWSve2D3mzSVbnOB4YK1jPUSqmE32yQtffEaGQWakFD6c7c4fbtm+eusc81jHYN5gvWh7lwoXA==,iv:D1nypE0CfubCe8J0psJRiJBc0AR9PsZGcXigdXCReQs=,tag:1j8gw//MLKJXScfth8ClOg==,type:str]
s3: s3:
key: ENC[AES256_GCM,data:kdzRs/3kBXJt+jOVlFAm5EaRHNWq5XnK/Ts=,iv:qcqXQsxJXX9JlJwCuoz9y6izR9b1gs3xhnhO3tTpwK0=,tag:ikx95iSB/kGZ6/RFL+rvjg==,type:str] key: ENC[AES256_GCM,data:kdzRs/3kBXJt+jOVlFAm5EaRHNWq5XnK/Ts=,iv:qcqXQsxJXX9JlJwCuoz9y6izR9b1gs3xhnhO3tTpwK0=,tag:ikx95iSB/kGZ6/RFL+rvjg==,type:str]
secret: ENC[AES256_GCM,data:DVF4DB6dnWpVGK4QwStjMcYbvNQlnJn84xmRxI86r5tqDnyPbFDYN8RNlLyjulBQzJH6pMUkfk5vShNpaLaffA==,iv:5aUuyVnNK20y/NTAw2VZNxE+EaN6tfciwtyb7e/vJGg=,tag:+McVG3UdgEp0OfuuKsmOFw==,type:str] secret: ENC[AES256_GCM,data:DVF4DB6dnWpVGK4QwStjMcYbvNQlnJn84xmRxI86r5tqDnyPbFDYN8RNlLyjulBQzJH6pMUkfk5vShNpaLaffA==,iv:5aUuyVnNK20y/NTAw2VZNxE+EaN6tfciwtyb7e/vJGg=,tag:+McVG3UdgEp0OfuuKsmOFw==,type:str]
@@ -16,6 +18,19 @@ forgejo:
email: ENC[AES256_GCM,data:e6GOwBzRBxa00CHYHgV8,iv:oerF3kJWzjzOatND8Tngp3MADw2kaBKyigeFxtH/ypQ=,tag:1q093JG9hRDxs6OzOIU3vw==,type:str] email: ENC[AES256_GCM,data:e6GOwBzRBxa00CHYHgV8,iv:oerF3kJWzjzOatND8Tngp3MADw2kaBKyigeFxtH/ypQ=,tag:1q093JG9hRDxs6OzOIU3vw==,type:str]
actions: actions:
token: ENC[AES256_GCM,data:tjzIEA+TuwInBwfic7P6ZpN7XyQ2RWC7CZrGEjRtFR/Lj7xb4ysPfZ7d91AjNjw=,iv:e3nWZ3BvDeZvEUiJJ6h7u37UC4GZd/i582MRzE9pkyI=,tag:rZZnz5kGiLtCrUdNwgy8Xw==,type:str] token: ENC[AES256_GCM,data:tjzIEA+TuwInBwfic7P6ZpN7XyQ2RWC7CZrGEjRtFR/Lj7xb4ysPfZ7d91AjNjw=,iv:e3nWZ3BvDeZvEUiJJ6h7u37UC4GZd/i582MRzE9pkyI=,tag:rZZnz5kGiLtCrUdNwgy8Xw==,type:str]
gitea:
actions:
token: ENC[AES256_GCM,data:BrsTb1JNp5+eRtWk1/bqdgEdS7eDhUzZatl68jBSFqyv/4aHy3xzybxotdpmIQM=,iv:Mx+naexdYq1Gy3oCPTjYz5cdf4p2Mx8AFxmhwzfOPXo=,tag:/o2X2BlPwUAPkTo0iumMMw==,type:str]
oauth2:
jwt_secret: ENC[AES256_GCM,data:Mrdh35mf7zhuNHSrUJNmlRpzC4qPLlMQotZYJDnVcjtSbqi8Vr2Xa0o19Q==,iv:JFjs9rgDqgf7rEtlRhyO8lz71CgiEc1DUO6+w5Xvq00=,tag:fu4K3okXxKfezI+V+s+G6w==,type:str]
security:
internal_token: ENC[AES256_GCM,data:Wxozs+7XPkTUr6fcOyRGSVbekArrJs1IIdxDB3nUJmESJ5jhhB493r3nw3+Ftj1poZXNDXLBilGjQ5rYi+FW4pjH21pWNyJ2gtXEmwDFG7VMhTa/kqMK0RdvN+m683y91vBmkm4AJmQU,iv:+1Tl8mxhd0YpWvJtW2da3yFmm2aJXES+b9T97WNJqWU=,tag:osq0yeWVOuNpqopVkNDz/Q==,type:str]
secret_key: ENC[AES256_GCM,data:PBNDuXo2vLEewr5z5S4ocVDPDcU49v24iFF7TOlpWS9Lawp9Y+/3xMSr8z8v3ajfK8K46sE9GlXuOt1g5QmGqg==,iv:FDG2G4UlFmKLn9S3tDQCpI1I92vaWo8j7Y5mp0x85Bs=,tag:yf15GwQ5HmwOIlSUVzcsPg==,type:str]
server:
lfs_jwt_secret: ENC[AES256_GCM,data:yY969ZtaVcF7KYT/n1H+ZBM+tNH1Bvx+WwUTXJSVenlz8zzk9SepkDPbdg==,iv:GL17rWtHjzzBZiyrZ/UWkHzrAvHX5vyv4BIhNtq3AL0=,tag:T8weRUemG3b7DVnNtMEFoQ==,type:str]
storage:
access_key_id: ENC[AES256_GCM,data:lMWloeJmqehgw407FGmUYyj0LUW6ogT5M40=,iv:GCr0EMspwK5ByxEXFSdk+GKkY5YL7nweZeOaVx7XNl8=,tag:2f4C0J5xxsTNDjKmSe/+7g==,type:str]
secret_access_key: ENC[AES256_GCM,data:ygQfso7dWktV9BhureOE9JuXePOYGF71YKfs0K0Co8786YxltQEel/zyvAccT/wtM9bcqfcnvYx1E6QqpAA/Ow==,iv:rvPuD2mF+X8TfvL3By6wOrxVC6g3oIPM9BFWX59DAlQ=,tag:1y9wPd34xdrmU+4ECCJP+A==,type:str]
garage: garage:
admin_key: ENC[AES256_GCM,data:ORtjXzJrbWITofjNpVsTHE1gHcwNhBcbMNM=,iv:99XCuu5hGa3ZnAqbOsmgjeMouC8EnTzsJ0HuOoHwKEE=,tag:eJVx+A8MJ4g1xXr2F5hTkg==,type:str] admin_key: ENC[AES256_GCM,data:ORtjXzJrbWITofjNpVsTHE1gHcwNhBcbMNM=,iv:99XCuu5hGa3ZnAqbOsmgjeMouC8EnTzsJ0HuOoHwKEE=,tag:eJVx+A8MJ4g1xXr2F5hTkg==,type:str]
admin_secret: ENC[AES256_GCM,data:7hMOXJwIr0pkCFBBh5vnDy//R9UwD+eTlddT1VGOpqYaA0andf0jRfGOr0efcX0x/EvlDOrfFqn8ME8icZRRbw==,iv:KGxqXhzNWFWiwBHRSP+aov2fCNHgFuUtpBF4nd40mGw=,tag:ixcehvjzs6CfVyAAl315dw==,type:str] admin_secret: ENC[AES256_GCM,data:7hMOXJwIr0pkCFBBh5vnDy//R9UwD+eTlddT1VGOpqYaA0andf0jRfGOr0efcX0x/EvlDOrfFqn8ME8icZRRbw==,iv:KGxqXhzNWFWiwBHRSP+aov2fCNHgFuUtpBF4nd40mGw=,tag:ixcehvjzs6CfVyAAl315dw==,type:str]
@@ -42,7 +57,7 @@ sops:
amRmVkVoS2RqeEs3OXZVeTlsZUVEV28K1WcbGJHT8LMah5b7NN1psiucTl1OfZYO amRmVkVoS2RqeEs3OXZVeTlsZUVEV28K1WcbGJHT8LMah5b7NN1psiucTl1OfZYO
4T3RDSQMB3qj1TGQSdixjwRRKbMGtL3LXnvkNd+caVi5Z9OkF1O9Yg== 4T3RDSQMB3qj1TGQSdixjwRRKbMGtL3LXnvkNd+caVi5Z9OkF1O9Yg==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2025-10-10T02:06:29Z" lastmodified: "2025-10-10T21:47:17Z"
mac: ENC[AES256_GCM,data:/FSwyA7AfbRZgCPfn0MbUaW+OduFpluWX5RntzjJMieJzfdix+NAwFnOThr+vtN24VybepvlayXzfTlf9lWlfotozit/jdZMoPipEifEiO8LoXDrmNUZow8AOJ9cmCOKNx8YdcN0K28mE0nTTkP8aXPumcyWKuLa8+faLEgPs0Q=,iv:uQIHkfTbuM7dy34S4mpYEmLG3B2ff003IaSp07rN50g=,tag:qkFwvjxojtksfEDVpsFAYw==,type:str] mac: ENC[AES256_GCM,data:4K5fNM05Mm3VCFTx2lntPUcaW/fznjchMdd26VJURBTED3Hr8wpLyNMFtWqWlKZvVuMyk7VQyyBmysb0clmydHpuDR9TtJSJA+IyIyK6IQJi86mQs7IpcSf4Z6uXA33ed3z2aJWhwA8l+5XtwQjYQbDeME1v/ir7xTeqz8P4STI=,iv:iaXcW+3UumdAR/v4/Pp8ZCqJQ2WmL6fucRFJwTugxrc=,tag:sxUajgkMkYjshIgU24o+/w==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.10.2 version: 3.10.2